Collaborate confidently using Rights Management

Vijay Kumar is a senior product manager for security and the Trust Center on the Office 365 team.

Security is one of the most important design principles and features of Office 365. Our focus on security spans hardware, software, the physical security of our datacenters, policies and controls, and verification by independent auditors. As part of our strong commitment to security, we are constantly investing in technologies and processes to proactively identify and mitigate security threats before they pose risks to you.

When it comes to security features, there are broadly two types of categories: 1) built-in security and 2) customer controls. Built-in security represents all the measures that Microsoft takes on behalf of all Office 365 customers to protect your information and run a highly available service. Customer controls are features that enable you to customize Office 365 to meet the specific needs of your organization. You can get details about both types of security features from the Security whitepaper in the Office 365 Trust Center.

Have you ever had your email or documents shared or given to other people than you intended, or seen your company’s information shared with people outside the company by accident? Maybe you have information that you want to share confidentially with only a few trusted colleagues for purposes of collecting feedback, but you’re concerned that the information may get leaked inadvertently before you are ready?

Fortunately, with Rights Management in Office 365, you can secure your information and apply an intelligent policy so that only specified internal and/or external people can “act” on your information. For example, you can allow recipients to edit and print, while restricting them from forwarding to others. This policy is attached to the information, so it applies no matter where your information lives-in the datacenter, in transit, or on your laptop, mobile device, or a USB key. Rights Management lets you assign policies to email, SharePoint Online libraries, individual Office documents, and other file types.

Rights Management for Office 365 isn’t just data security or encryption, although you get both with access control and 128-bit AES encryption. Rights Management is about putting you, the creator of content, in control. Now, with you firmly in the driver’s seat, you can confidently share information with anyone.

Examples of policies you can apply to email and documents with Rights Management for Office 365 are:

Do not forward (email)/ Restricted Access (Office apps): Only the recipients of the email or document will be able to view and reply. They cannot forward or share with other people or print. Even if someone you did not specifically give permission to access the file gets it, he or she will not be able to view the contents, because the policy is checked upon opening and the information is encrypted the entire time.

CompanyName Confidential: Only people inside your organization (that is, people with an Office 365 account @companyname.com) can access the content, make edits, and share with others inside your company.

CompanyNameConfidential View Only: People inside your organization can view this content but cannot edit or change it in any way. They can print and share with other people inside your company.

One everyday example to better understand Rights Management is to think of rights-protected content as registered mail that can be received only by the individual whom it is meant for, with the verification of identity and the added value that you have control over what the recipient does with the content. If the user can’t show a trusted ID, the mail is not delivered. Simple as that. You don’t need to send passwords or certificates, or use special tools for your documents – it is already built into Office applications and Office 365 services.

Information is there to share and collaborate, not to be locked down. So go ahead, give this a try, and start collaborating confidently and in a highly secure manner with Rights Management and Office 365.

A: RMS is already included in the Office 365 Enterprise E3, and E4 plans and the Education A3 and A4 plans. RMS is also available as an add-on in the E1 and A2 plans. Consumption of rights-protected content is free. A license is required to protect content.

Q: If a document is RMS protected in SharePoint Online, would it be protected once downloaded on to a local device?

A:Once a document is RMS protected in SharePoint Online, even if it is downloaded, the document carries the same protection. This holds for any type of information-email or a document-once it has been protected either locally or in the cloud; protection travels with the information.

Q: What type of files can be protected in Office 365 and RMS?

A:Office documents like Word, Excel, PowerPoint and Foxit PDF can be protected by RMS. Other file types like TXT, XML, JPG, JPEG, TIFF, GIF, BMP, and PDF can be protected using RMS application. RMS application functionality is in preview and will be generally available later this year. For more information visit www.microsoft.com/rms. You can get more information on public preview of RMS application by visiting the RMS blog.

Join the conversation

I found the above article immensly interesting, however given the news a month or two ago about Microsoft providing a back door to the above security to the likes of the NSA I am concered as to how secure this actually is.

I read the article that you provided the link to and again found it interesting and while I am not naive enough to think that other governments don’t collect information (GCHQ here in the UK) the allegations have been that companies have colluded with the NSA to use a flawed technology for encryption. This has resulted in the recent announcement by RSA to stop using one of its encryption technologies as it is no longer considered safe and it has been the use of this compromised technology that is the issue at the moment with allegations of collusion in its use since it is alleged that doesn’t need encryption keys to get access to the data and that they have been getting access to key hubs that the data passes through and siphoning up large chunks of data passing through them.